Big news as Acer fixes a major bug. Acer business and consumer computers are affected by a fresh set of vulnerabilities discovered by researchers.
The flaw, discovered by ESET, allows malicious users to disable UEFI Secure Boot by directly setting variables in NVRAM, a type of non-volatile random-access memory, from the operating system.
UEFI Secure Boot is a verification process that makes sure malicious software, such as rootkits and bootkits, cannot boot on your computer, disable or circumvent security measures, or even install its own payloads with administrative capabilities.
Acer fixes a major bug: how does this weakness operate?
Martin Smolar, an ESET malware researcher, reported the vulnerability, which is tracked as CVE-2022-4020. In a tweet, he says it is present in the DXE driver HQSwSmiDxe: the driver looks for the “BootOrderSecureBootDisable” NVRAM variable and, if that variable is present on your system, disables Secure Boot.
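A defender can check for this condition on a Linux system booted in UEFI mode by listing the firmware variables and reading the Secure Boot state. The script below is an added example, not code from ESET or Acer. It assumes efivarfs is mounted at /sys/firmware/efi/efivars, matches the variable by name only because the article does not give its vendor GUID, and uses a placeholder GUID in its constructed test data.

```python
import os
import tempfile

EFIVARS = "/sys/firmware/efi/efivars"      # Linux efivarfs mount point
TRIGGER = "BootOrderSecureBootDisable"     # variable name given in the article
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # UEFI global-variable GUID

def var_name(entry):
    """efivarfs files are named <VariableName>-<VendorGUID> (GUID = 36 chars)."""
    return entry[:-37] if len(entry) > 37 and entry[-37] == "-" else entry

def secure_boot_enabled(efivars):
    """True/False from the SecureBoot variable, None if it cannot be read."""
    try:
        with open(os.path.join(efivars, "SecureBoot-" + EFI_GLOBAL), "rb") as f:
            data = f.read()
    except OSError:
        return None
    # efivarfs puts 4 attribute bytes before the 1-byte value.
    return data[4] == 1 if len(data) >= 5 else None

def audit(efivars=EFIVARS):
    """Report any variable named TRIGGER (under any GUID) and the Secure Boot state."""
    try:
        entries = os.listdir(efivars)
    except OSError:
        return {"uefi": False, "trigger_vars": [], "secure_boot": None}
    hits = sorted(e for e in entries if var_name(e) == TRIGGER)
    return {"uefi": True, "trigger_vars": hits,
            "secure_boot": secure_boot_enabled(efivars)}

def demo():
    """Run audit() on two constructed efivars directories (not real firmware data)."""
    fake_guid = "00000000-0000-0000-0000-000000000000"  # placeholder, not the real GUID
    results = []
    for planted, sb in ((False, 1), (True, 0)):
        with tempfile.TemporaryDirectory() as d:
            with open(os.path.join(d, "SecureBoot-" + EFI_GLOBAL), "wb") as f:
                f.write(bytes([0x06, 0, 0, 0, sb]))   # attributes + value
            if planted:
                with open(os.path.join(d, TRIGGER + "-" + fake_guid), "wb") as f:
                    f.write(bytes([0x07, 0, 0, 0, 1]))
            results.append(audit(d))
    return results

if __name__ == "__main__":
    print(audit())   # live check; needs a Linux system booted in UEFI mode
```

A non-empty `trigger_vars` list on an affected model is worth investigating even when `secure_boot` still reads as enabled.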
Acer’s blog post lists the affected models: the Aspire A315-22, A115-21, A315-22G, Extensa EX215-21, and EX215-21G.
Acer stated that it is developing a BIOS update to address this problem and will publish it on its support website. In the meantime, the hardware company suggests that you upgrade your BIOS to the most recent version. It also stated that this update will be a vital Windows update.
This is not the first time that ESET has recently disclosed UEFI Secure Boot vulnerabilities.
The cybersecurity company also discovered firmware flaws in January 2022 that affected Lenovo laptops and were related to UEFI firmware, which it disclosed in a tweet of its own.